feat(settings): make appSecret optional

README.md

@@ -35,7 +35,7 @@ import { auth } from 'nexus-plugin-jwt-auth'
 
 // Enables the JWT Auth plugin without permissions
 use(auth({
-  appSecret: "<YOUR SECRET>" // required
+  appSecret: "<YOUR SECRET>" // optional if using custom verify function
 }))
 ```
 
@@ -63,7 +63,7 @@ const protectedPaths = [
 
 // Enables the JWT Auth plugin with permissions
 use(auth({
-  appSecret: "<YOUR SECRET>", // required
+  appSecret: "<YOUR SECRET>", // optional if using custom verify function
   protectedPaths // optional
 }))
 ```

src/runtime.ts

@@ -17,12 +17,16 @@ export const plugin: RuntimePlugin<Settings, 'required'> = settings => project =
           return {
             token: await settings.verify(req)
           }
-        } else if (settings.useCookie && req.cookies && settings.cookieName && req.cookies[settings.cookieName]) {
-          const token = req.cookies[settings.cookieName];
+        } else if (settings.appSecret != undefined) {
+          let token
+
+          if (settings.useCookie && req.cookies && settings.cookieName && req.cookies[settings.cookieName]) {
+            token = req.cookies[settings.cookieName];
+          } else if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+            token = req.headers.authorization.split(' ')[1]
+          }
+
           return verifyToken(token, settings.appSecret);
-        } else if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
-          const token = req.headers.authorization.split(' ')[1]
-          verifyToken(token, settings.appSecret)
         }
 
         return {

src/settings.ts

@@ -1,7 +1,7 @@
 import { Request } from "express";
 
 export type Settings = {
-  appSecret: string;
+  appSecret?: string;
   protectedPaths?: string[];
   useCookie?: boolean;
   cookieName?: string;